Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: 200909-08 Normal: C* Music Player Symlink Attack

gentoo
Calendar Grey September 9, 2009
Dist Gentoo Esm H88
Z* audio streamer encounters vulnerability with file management, posing risks for symlink exploitation. Upgrade to protect your device.
An insecure temporary file usage has been reported in the C* music player, allowing for symlink attacks.

Summary

Gentoo Linux Security Advisory GLSA 200909-08 https://security.gentoo.org/ Severity: Normal Title: C* music player: Insecure temporary file usage Date: September 09, 2009 Bugs: #250474 ID: 200909-08

Synopsis ======= An insecure temporary file usage has been reported in the C* music player, allowing for symlink attacks.
Background ========= The C* Music Player (cmus) is a modular and very configurable ncurses-based audio player.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-sound/cmus < 2.2.0-r1 >= 2.2.0-r1
========== Dmitry E. Oboukhov reported that cmus-status-display does not handle the "/tmp/cmus-status" temporary file securely.
Impact ===== A loca...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo temporary file symlink attack normal severity music player cmus

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo temporary file symlink attack normal severity music player cmus

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here